The present disclosure relates to systems and methods for securing financial transactions and preventing card skimming.
Card skimming refers to the theft of banking card information. Banking cards may include credit cards, debit cards, ATM cards, cash cards, pre-payment cards, and other cards issued to a user by a banking institution or other institution acting to promote financial transactions (e.g., fuel cards for use at gas stations or transit cards for facilitating electronic transit fare payments). Card information may be stolen using various methods such as photocopying receipts or using an electronic card skimming device to swipe and store card numbers and other card information. One approach to preventing card skimming involves the use of user passwords and/or personal identification numbers (PINs). In some cases, a PIN (or PIN code) may be entered by the user of a card when using the card at a card processing terminal. For example, the user may enter a PIN when making a withdrawal from an ATM machine or making a purchase at a point of sale (POS) device or terminal. PINs are typically generated by the card issuer (e.g., a card issuing bank) and sent to users apart from the card. After the user initiates a financial transaction at a processing terminal and enters the PIN, the PIN and transaction related information may be transmitted to the card issuer, who subsequently makes the decision whether or not to authorize the transaction. PINs may comprise static PINs that do not change over time or dynamic PINs that change over time (e.g., a new PIN may be used for every transaction). In some cases, two factor authentication requiring both a smart card (i.e., the “what you have” factor) and a valid PIN (i.e., the “what you know” factor) must be satisfied for a transaction to be approved.
Many banking customers in the United States use a banking card with a magnetic stripe that encodes card related information such as the card holder's name, the expiration date for the card, an account number associated with the card, and card verification information. Outside the United States, the use of smart cards is widely used to provide improved security with financial transactions. Smart cards include an embedded integrated circuit for performing identification, authentication, data storage, and application processing. One standard for using smart cards to authenticate credit and debit card transactions is the EMV standard. EMV chip card transactions may improve security against card fraud as compared with magnetic stripe card transactions since cryptographic algorithms (e.g., DES and RSA) may be used to provide authentication of the card to the processing terminal and/or the card issuer's authentication system.